Key Components and Roles
The Eko AD Sync solution is built on several interacting components, deployed across both your Customer Data Center (on-premises) and the Eko. Understanding the role of each component is essential for proper setup and maintenance.
1. Eko Active Directory Connector (EkoADC)
The EkoADC is the central component deployed within the customer's infrastructure.
Definition
Eko’s proprietary software is designed for Eko user integration with Microsoft Active Directory.
Location
Deployed at the Customer Data Center (on-premises). It can be installed on-premises or on the cloud.
Interface
EkoADC provides a minimalistic web interface that allows setting up connection configurations, synchronization schedule, and event triggering synchronization manually.
The interface provides information on previous synchronization cycles, with a highlight on errors.
Usually, the Eko team support is the only one who manages the EkoADC. However, if a customer wishes to have access, it is possible after the training.
Primary Role
Responsible for two main tasks: user synchronization and authentication.
Technical Function
It performs LDAP binding for authentication and LDAP search for querying users from the directory database.
Communication
Connects to the customer's Active Directory (AD) via LDAP/LDAPS. Communicates externally with the Eko/EkoIDMAPI via HTTPS.
Software
Runs on a securely hardened Ubuntu image.
2. Microsoft Active Directory (AD) / Customer Directory
The Active Directory (AD) is the source of truth for user information within your organization.
Definition
A directory service developed by Microsoft for Windows networks, used for centralized domain management and identity-related services.
Location
Located in the Customer Data Center (on-premises).
Data Stored
Holds User profiles and User credentials.
Interaction
EkoADC requires direct connection and access (LDAP/LDAPS) to the Microsoft AD to pull user data and verify credentials.
3. Eko Identity Management API (EkoIDMAPI)
EkoIDMAPI is a custom API that handles identity processes within the Eko environment.
Definition
An Eko custom API for user synchronization and authentication.
Location
Hosted within the Eko Cloud.
Interface
EkoIDMAPI provides a minimalistic web interface that allows setting up connection configurations and user objects mapping.
The Eko team support is the only one who has access to the EkoIDMAPI interface.
Primary Role
Works with EkoADC to integrate external user accounts. Defines how external user accounts are mapped to Eko's user object.
Communication
Receives user synchronization data from EkoADC and handles authentication results.
4. Eko Application
The Eko Application hosts the central application services and data storage for the Eko platform.
Eko DB
The Eko Database stores the synchronized user profile data, credentials (if local authentication is enabled), and configuration information.
Eko Backend Services
These services (including EkoIDMAPI, Eko API, and QueueJob) manage the synchronization pipeline and reporting.
Last updated